package com.squareup.cash.e2ee.trifle;

import app.cash.trifle.Certificate;
import app.cash.trifle.KeyHandle;
import app.cash.trifle.Trifle;
import app.cash.trifle.TrifleErrors;
import app.cash.trifle.extensions.CertificateExtensions;
import app.cash.trifle.validators.CertChainValidator$X509CertChainValidator;
import com.squareup.cash.e2ee.signature.Signature;
import com.squareup.cash.e2ee.trifle.TrifleError;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.List;
import kotlin.Result;
import kotlin.ResultKt;
import kotlin.collections.CollectionsKt___CollectionsKt;
import kotlin.jvm.internal.Intrinsics;

/* loaded from: classes7.dex */
public final class RealTrifleService implements TrifleService {
    public final Trifle trifle;
    public final RealTrifleLogger trifleLogger;

    public RealTrifleService(RealTrifleLogger trifleLogger) {
        Intrinsics.checkNotNullParameter(trifleLogger, "trifleLogger");
        this.trifleLogger = trifleLogger;
        this.trifle = new Trifle();
    }

    public final void delete(byte[] key) {
        Intrinsics.checkNotNullParameter(key, "key");
        TrifleAction trifleAction = TrifleAction.DeleteKeyHandle;
        RealTrifleLogger realTrifleLogger = this.trifleLogger;
        realTrifleLogger.logAction(trifleAction);
        try {
            Trifle trifle = this.trifle;
            KeyHandle keyHandle = TrifleUtilsKt.toKeyHandle(key);
            trifle.getClass();
            Intrinsics.checkNotNullParameter(keyHandle, "keyHandle");
            KeyStore keyStore = KeyHandle.KEY_STORE;
            String tag = keyHandle.tag;
            Intrinsics.checkNotNullParameter(tag, "tag");
            Intrinsics.checkNotNullParameter(tag, "tag");
            KeyStore keyStore2 = KeyHandle.KEY_STORE;
            if (keyStore2.containsAlias(tag)) {
                keyStore2.deleteEntry(tag);
            }
        } catch (Exception e) {
            realTrifleLogger.logError(TrifleError.KeyHandleDeletionFailed.INSTANCE, null);
            throw e;
        }
    }

    public final byte[] signData(byte[] data, Signature signature) {
        Intrinsics.checkNotNullParameter(data, "data");
        Intrinsics.checkNotNullParameter(signature, "signature");
        TrifleAction trifleAction = TrifleAction.Sign;
        RealTrifleLogger realTrifleLogger = this.trifleLogger;
        realTrifleLogger.logAction(trifleAction);
        try {
            Trifle trifle = this.trifle;
            KeyHandle keyHandle = TrifleUtilsKt.toKeyHandle(signature.key);
            ArrayList mapToTrifleCertificates = TrifleUtilsKt.mapToTrifleCertificates(signature.certs);
            trifle.getClass();
            return Trifle.createSignedData(data, keyHandle, mapToTrifleCertificates).serialize();
        } catch (Exception e) {
            realTrifleLogger.logError(TrifleError.SigningFailed.INSTANCE, null);
            throw e;
        }
    }

    /* renamed from: verifyCerts-IoAF18A, reason: not valid java name */
    public final Object m2205verifyCertsIoAF18A(List certificateChain) {
        Intrinsics.checkNotNullParameter(certificateChain, "certificateChain");
        ArrayList certificateChain2 = TrifleUtilsKt.mapToTrifleCertificates(certificateChain);
        this.trifle.getClass();
        Intrinsics.checkNotNullParameter(certificateChain2, "certificateChain");
        Certificate certAnchor = (Certificate) CollectionsKt___CollectionsKt.last((List) certificateChain2);
        CertificateFactory certificateFactory = CertificateExtensions.X509FACTORY;
        Intrinsics.checkNotNullParameter(certAnchor, "$this$validate");
        Intrinsics.checkNotNullParameter(certificateChain2, "certificateChain");
        Intrinsics.checkNotNullParameter(certAnchor, "certAnchor");
        if (certAnchor.version != 0) {
            throw new UnsupportedOperationException("Unsupported version of Trifle Certificate");
        }
        Object m932validateIoAF18A = new CertChainValidator$X509CertChainValidator(certAnchor, null).m932validateIoAF18A(certificateChain2);
        return Result.m2559exceptionOrNullimpl(m932validateIoAF18A) instanceof TrifleErrors.NotValidYetCertificate ? ResultKt.createFailure(TrifleError.NotValidYetCertificate.INSTANCE) : m932validateIoAF18A;
    }
}
